The Tunisian Hacker, Human Mind Cracker, has claimed to have discovered SQL Injection vulnerability in Top Bangladesh Government websites.

In an email sent to E Hacking News, hacker mentioned that he found SQLi in three Government sites.

Affected Government sites are the official site of Bangladesh Railway(railway.gov.bd) , National Institute of Mass Communication of Bangladesh(NIMC.gov.bd) and Jiban Bima Corporation(JBC.gov.bd).

Hacker managed to breach the database server belong to National Institute of Mass Communication and leaked the stolen data in Hey paste it (heypasteit.com/clip/0NUH)

The database dump contains database table name, name of users, hashed passwords. It contains more than 650+ entries of user data.

The hacker claims that the Bangladesh Gov websites are not secure at all . As far as i know, not only Bangladesh but also other countries government sites are vulnerable. More than 90% Government websites are vulnerable.

One of the Algerian Banks , Crédit populaire d'Algérie (CPA) Bank is found to be vulnerable to SQL Injection vulnerability. This critical vulnerability was discovered by a Grey-hat Tunisian Hacker "Human Mind Cracker" who usually targets Bank and Government sites.

In an email sent to EHN, the hacker provided the vulnerable link of the site(cpa-bank.dz).

" I reported to them the vulnerability before I hack into the database,2 days without reply or anything...After that I find that the email that they put it in the website for contact is INVALID mail.So I get into the database." The hacker said.

The Tunisian hacker 'Human Mind Cracker' who discover critical vulnerability in high profile website.Again,this time he hacked into Pakistan Army website and he get into their Database. He discovered SQL Injection vulnerability in their website 'www.pakistanarmy.gov.pk' .

In an email sent to EHN,the hacker provided us the vunerable link as a proof for his hacking.And he also provided a link to the dump (www.heypasteit.com/clip/0N5T).

" The reason of the hack is just to break the security of that website...I was thinking that Pakistan has a good cyber army but lool also they have a lot of vulnerable websites" hacker said in the email.

The hacker always try to hack into governments and banks website to improve his skills and want to know if government mind about security in their website.And the hacker said that more governments websites will be hacked by him soon.

A Tunisian greyhat hacker named as "Human Mind Cracker" has claimed to have breached the South Africa's National Department of Health website(doh.gov.za) and compromised the database.

In an email sent to EHN, hacker provided the vulnerable link as well as link to Database dump. Hacker requested me not to post the vulnerable link.

" The only reason about this hack that i love challenge and I readed a lot about the Moroccan hacker that break into some south Africa website so I just wanted to pentest their security" The hacker told EHN.

A Grey Hat Hacker with online handle "Human Mind cracker" has discovered SQL Injection vulnerability in some Tunisian Bank websites. Central Bank of Tunisia(bct.gov.tn) and Bank of Tunisia and the UAE (bte.com.tn) are vulnerable to SQLi .

In an email sent to EHN , hacker provided us the vulnerable link and the Proof-of-Concept(POC). As he recommend us not to publish the vulnerable , we are not providing the link here.

According to hacker, he reported the vulnerability to them but they didn't fix the vulnerability so he hacked into the database.

He has published some database information compromised from the server that includes database name and few username.

Also, he has discovered Cross site scripting (XSS) vulnerability in Central Bank of Tunisia,atb.com.tn and Banque de Tunisie(bt.com.tn).

SQL Injection is one of the most critical vulnerability, as attacker can extract the entire database by exploiting it. Banks should really buff up their security measures ,as cyber criminals mainly target Financial institution.